mirror of https://github.com/minio/minio.git
baec331e84
This commit adds two functions for sealing/unsealing the etag (a.k.a. content MD5) in case of SSE single-part upload. Sealing the ETag is neccessary in case of SSE-S3 to preserve the security guarantees. In case of SSE-S3 AWS returns the content-MD5 of the plaintext object as ETag. However, we must not store the MD5 of the plaintext for encrypted objects. Otherwise it becomes possible for an attacker to detect equal/non-equal encrypted objects. Therefore we encrypt the ETag before storing on the backend. But we only need to encrypt the ETag (content-MD5) if the client send it - otherwise the client cannot verify it anyway. |
||
|---|---|---|
| .. | ||
| config.go | ||
| doc.go | ||
| error.go | ||
| header.go | ||
| header_test.go | ||
| key.go | ||
| key_test.go | ||
| kms.go | ||
| kms_test.go | ||
| metadata.go | ||
| metadata_test.go | ||
| sse.go | ||
| sse_test.go | ||
| vault.go | ||